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Abstract 

The purpose of this paper is to enumerate a series of 
security steps that might be taken by those individuals or 
organizations that are contemplating web-based tests and 
performance assessments. From a security viewpoint, much 
of what goes on with web-based transactions is similar to 
other general computer activity, but the recommendations 
here focus on what can be done to avoid data compromise and 
loss or to resurrect such information should it be 
modified . 
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Introduction 

Several testing companies have now released tests for 
administration over the World Wide Web (the web) or are 
well into the process of doing so. While computerized 
testing has been in place for almost a decade, the use of 
the web as an administration format is relatively new 
(Shermis, 1997) . The advantages of using the web as an 
administrative format are numerous, including: global 

reach, standard interface, immediate updating, centralized 
control, and ease of use. These advantages are often 
weighed against two significant drawbacks: inconsistent 

connectivity and a proneness to security risks. The 
remainder of this paper is devoted to discussing the 
possible data collection risks for computerized testing 
with a special emphasis on the web-based format. The 
former problem can be ameliorated by installing multiple 
servers, implementing server load-balancing, upgrading 
connectivity, dedicating lines, or some combination of 
these steps. 

Where to Begin? 

The overwhelming attacks this week against some 
of the Internet's biggest companies required 
dozens of powerful zombie' 1 computers 

collectively aiming a crippling tide of data at 
target Web sites. Experts believe the hackers 
earlier had infiltrated and secretly installed 
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their attack software on these computers, setting 
them up as unwitting accomplices in a crime- in- 
the-making. Were the operators of these computers 
merely victims of these unprecedented assaults, 
or were they partly to blame? It's a question 
with enormous consequences for the Internet, the 
sprawling worldwide network that has few rules 
and where security can range from ironclad to 
nonexistent . As the Internet ' s importance grows 
as an engine for America's economy, some experts 
wonder whether unsafe computers can continue to 
be tolerated, or whether there is any 
alternative. (Bridis, 2000) 



This snippet, taken from an Associated Press 

Technology release, summarizes a recent breach in Internet 
security that paralyzed a number of U.S. commercial firms 
for a span of two days. The consequences of such an 
intrusion are potentially expensive in terms of money, 
labor, and most importantly, consumer confidence. 

Because Internet transactions are a relatively new 
phenomenon, people tend not to trust them as much as they 
do more familiar paper transactions. For example, my 

friends often object to me paying for items over the web 

because of the possibility that my credit card number might 
be intercepted. These are the same people who, in a 

restaurant, give a perfect stranger their credit card, 
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legitimate purposes. In contrast, my web transactions go 
into a secured area and are encrypted with 128-bit 
technology. Even if someone could intercept the 
transmission, it would take a bank of computers and a very 
long time to extract the card information in order to do 
anything with it. 

There are probably no "bullet-proof" security systems 
that will protect one against every possible mechanism that 
would compromise, corrupt, or destroy data collected by via 
the World Wide Web. Given the fact that a computer could 
fail at any possible moment, there will always be some risk 
involved . 

Before any trouble occurs one might wish to engage in 
a risk analysis. The process involves examining the 
computer system for information that needs to be protected, 
and whether that information is subject to a possible 
security threat. This will help to determine where trouble 
is most likely to occur by pinpointing weak spots in the 
system. By performing this simple procedure, valuable time 
can be saved when attempting to restore lost information or 
functions. There are three relatively simple steps 
involved in performing this analysis. 

The first is determining precisely which components 
are security risks. All applications and data should be 
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inventoried to establish a record of the present 

components. If the system is very large, an inventory 

management system can be used to keep track of the system 
components. Software such as the Zero Administration 
Client (ZAC) , by McAfee, is a useful alternative for the 
management of a large system. 

The second step is to examine the concrete ways in 
which threats could occur. Examine each component 

individually to identify specific problem possibilities. 
Examples of these possibilities include software failure, 
power loss, hardware failures, tampering and hacking, etc. 

The final step is to develop recommendations for 
solutions to each possible threat to every component. By 
systematically generating solutions to each problem 
examined in the second step, one can generate a checklist 
of procedures that can be easily accessed and followed in 
times of emergency (Benson, 1998b) . 

A number of security actions should be taken to insure 
the safety and well being of the organization's network. 
The situations and areas that should be accounted for are: 
recovering from disasters, the development of security 
policies, user-end security, security for menu systems and 
control programs, virus protection, physical security and 
possible threats from the Internet. While most of the 
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headlines regarding data loss or compromise have focused on 
external threats, the probability runs about 10:1 that if 
you have a problem, it is likely to stem from an internal 
concern. Far more data is lost because someone didn't back 
up a file than from a malicious hacker snooping for open 
ports in your network. 

When a situation occurs that results in the loss of 
information or applications, recovery can be made easier if 
a contingency plan has been developed beforehand. By 
deciding what actions to take prior to the emergency, the 
process of recovery will be easier and less stressful. The 
back up plan should explicitly outline which actions are to 
be performed, the situation that should precede these 
actions and the actual person responsible for carrying out 
the actions. The best choice for this person would be the 
system administrator or the employee with the most 
knowledge of the system. If this is not possible, then 
someone should be specifically trained for these particular 
situations. There are three steps to developing an 
effective back up plan. First, all critical data should be 
backed up and stored in an off-site location in case of an 
equipment or virus-related emergency. Secondly, an 
emergency power supply system and surge suppressors should 
be installed. This will protect against damage from 
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blackouts or power irregularities. Lastly, startup disks 
should be made for each computer, so that they can be 
rebooted cleanly after damage from a virus has occurred 
(Benson, 1998b) . 




Figure 1 . An example from a battery backup system/universal 
power supply (American Power Company) . 

Developing Security Policies 

Next, the organization should work toward developing 
effective security policies. Developing a policy differs 
from company standards and procedures. Standards and 
procedures describe exactly how the policy is to be carried 
out. A good policy will simply be an overall approach to 
insuring the security of the system, specifying which parts 
of that system are to be secured. The policy is made up of 
four parts: the purpose, the scope, general policy 

statements and policy standards (Benson, 1998b) . The 
purpose describes what the policy is intended to 
accomplish. The scope tells who and what will be subject 
to obey the policy. General p>olicy statements are the 
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rules by which the policy is put into place. These rules 
should indicate the people and positions responsible for 
certain tasks, define the use and misuse of the computer 
system, who will receive access to the system, which parts 
of the system need to be protected, and the consequences of 
violating the policy. Lastly, policy standards should be 
stated, in which the tasks necessary to support the policy 
statements are listed. 

Physical Security 

It is only with a modest sense of irony we point out 
that perhaps the easiest way to lose computerized test data 
is for someone to walk into a testing facility and 
physically remove a computer or hard disk. It is not 
impossible to prevent and there are several things you can 
do to discourage theft of this nature. First make sure the 
testing facility can be locked. At our facility, the 
center key is not part of the organization's "master" 
system, and the center staff are the only individuals with 
keys to the room where computers are kept. We also have a 
separate key-coded alarm system (code is changed once a 
month) . When the room is opened up in the morning the 
alarm has to be deactivated. When the alarm is off, the 
room is continuously staffed by at least one individual. 
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Similar security is in place where our web-based servers 
are kept . 

Each of the computers is secured by a locked cable. 
More challenging systems allow you to bolt your computer to 
a metal plate that is glued to a desk; however, sometimes 
the more intimidating physical security systems can impose 
constraints on how the CPU or monitor can be positioned. 
Computers may also be "fortified" with devices that block 
access to floppy drives, removable hard drives, or CD-ROMs. 
Many computers also provide for the option of requiring a 
key insertion and turn before the CPU can be booted. 

The room that is used for testing should, of course, 
have dedicated electrical circuits and plenty of HVAC to 
handle the heat that computers generate. In examining the 
physical layout of your space, you'll want to ensure that 
ceiling access is also blocked as many buildings use false 
ceilings. Clever thieves can gain access to a room by 
crawling through the false ceiling space and dropping down 
into the testing facility. 

Front-End Security 

If a PC is to be accessed by outside or multiple 
users, "front-end" security should be established. This is 
accomplished by securing menu systems that provide access 
to the control programs. These programs in turn, provide 
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entree to files and applications that must be protected. 
By restricting access to these programs, the organization 
reduces the risk of damage to important files and 
applications due to the actions of users not familiar with 
network . 

Secure Menu Systems 

Along the same lines as installing front-end security, 
securing menu systems involves disabling some "user- 
friendly" options that are designed to provide easy access 
to all parts of the system. All Microsoft Windows 
operating systems contain the program Everybody's Menu 
Builder 2.0. This program assists in the creation of a 
user-friendly menu system with the benefit of extra 

security. Included in its' features is the ability to 
disable the CTRL+ALT+DEL (rebooting) function, which 
automatically shuts down the machine, and disables the 
mouse's right click contextual menus. Eliminating the 
PrtScr (print screen) button on some computer keyboards 
would fall under the same consideration. 

Password Protection 

One of the most under-utilized and abused security 
features implemented in most computers has to do with 
password protection. Many computers have the option of 
requiring a password before allowing a computer to complete 
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it boot-up process; nevertheless this feature is often 
disabled because it is considered an inconvenience. Even 
when passwords are required, many users will resort to 
easily guessable defaults (e.g., "guest", "admin", "userl") 
rather than implementing a secure alternative. Passwords 
should be at least 8 characters long, should consist of 
letter-number combinations, and should not among those that 
are commonly used (e.g., " studmuf f in" , "princess", 

"genius") . It should be noted that even good password 
systems can be compromised if the password information is 
not properly encrypted the program that uses it . We 

discuss encryption later on in this paper. A common way to 
force users to select safer passwords is for the system 
administrator to set minimum password limits for all users. 

This means that every user password must have a minimum 

number of characters, and even a minimum number affecting 
the type of characters used. The typical number of 
characters required usually ranges between six and eight. 
Also required in many systems is the inclusion of at least 
one non- alphabet character, for example, numbers or 
punctuation marks. This makes the process of password 
hacking much more difficult. Hackers will often use 
dictionary software to scan for passwords in a variety of 
languages. By adding non-alphabet characters into the 
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password, the dictionary scan can be thwarted. There are a 
few emerging programs on the net (e.g., AntiCrack) that can 
assess a password for potential vulnerabilities to 
cracking . 

Connecting to the Internet 

The whole business of preventing external threats to 
your network ends up consisting of a number of incremental 
steps designed to thwart the attempts of others in a game 
of Internet "cat and mouse" . One of the easiest ways to 
prevent external intrusions is by disconnecting from the 
Internet and simply running a local area network 
(Intranet) . Combined with proctoring of the machines, a 
secure menu system, and attention to safety (backing up, 
emergency power supply, and anti-virus software) , your 
system will be relatively secure. 

However, if you must be connected to the Internet to 
perform your web-based testing, there are some steps you 
can take to help secure your site. First, perform a 
computer security check-up. It is possible to have your 
system analyzed to determine the weaknesses for which it is 
vulnerable. For example, Shields UP! 
( https : //grc . com/x/ne . dll ?bh0bkyd2 ) can perform a basic 
analysis for Windows-based machines. After connecting to 



your network, this web site will return a full report on 
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technical aspects of your communications setup such as the 
number of open ports and how stealthy your system is to 
outside intruders. Fig. 2 illustrates a screen shot of a 
component of the Shields Up! web site. 
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Figure 2 . A Component of the Shields Up! Internet 

Connection Security setup. 

Firewalls 

In addition to examining your Internet 
vulnerabilities, you can also install a firewall. In its 
original incarnation, firewalls were computers that 

protected the local networks and dial-in lines by 
controlling information that was let in or out (Benson, 
1998a) . Today, one can obtain a "personal firewall" which 
runs on an individual client machine and offers a similar 
level of protection. For example, Zone Alarm 2.0 is 

freeware that will install a "personal firewall" on each 
machine in the network. Alternatively, a number of vendors 
offer network firewalls that operate off a dedicated 
machine . 
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Figure 3 . A Component of Zone Alarm, a personal firewall. 

In contrast to a firewall, a proxy server masks the 
network to outsiders. For example, all Internet protocol 
(IP) requests for information may go through the proxy 
server, so those on the outside are unable to differentiate 
one machine on the network from the rest . 

Viruses & Trojan Horses 

If a user has legitimate business on your server, the 
most common compromise of data is most likely accomplished 
with good intent ions— the client introduces a computer 
virus. A virus is actually a program that can destroy, 
delete or "lock up" information and applications on a 
system. If data is not damaged, the virus can still be 

troublesome in that it takes up valuable disk space and 
memory. Viruses are often attached to some sort of host 

program, where the execution of the program causes the 
execution of the virus. These programs commonly take the 
form of Trojan Horse viruses. The Trojan Horse virus 
performs its' action covertly and is delivered via a host 
program or "dropper" (McClure, 1999) . 
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These viruses typically enter the computer system in 
one of three ways: by disk, downloads, or attachments. 

Floppy disks used on other systems can be used to 
unwittingly "transmit" the virus when opened on another 
system (Campbell, 2000) . Downloading information from any 
online service can introduce virus programs. Lastly, email 
attachments carrying a virus, when opened, carry the 
potential to damage systems. Often reports of these are 
exaggerated and many of them are hoaxes, but the 
possibility does exist. There are several websites that 
list the names of popular virus warnings that are typically 
sent via e-mail. These websites differentiate between 
warnings that are hoaxes and those that are actual threats 
(Thornloe, 2000) . 

Anti-virus software is the most common protection from 
this type of threat. When looking to choose an effective 
anti-virus program, there are some factors that should be 
taken into account in order to insure the best fit with the 
intended system. First, the type of system can make a 
difference. Further, is the system networked and if so, 
should the entire network be protected? Also, check the 
types of virus detection and prevention offered by the 
software. There are several options that a good virus 
protection program should offer. The user should be able 
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to receive virus protection updates from the company. This 
updated information should help protect systems from newly 
developed viruses. Two types of scanning practices are 
used in virus detection. Signature-based scanning should 
be used to detect the virus before it is brought into the 
system and before the opportunity arises for it to 
activate. One way this is accomplished is through 
heuristics-based scanning, which is a program that checks 
for codes commonly used to create viruses. Another method 
is using memory- resident monitoring to check the memory for 
an existing virus. The software should also regularly 
check the integrity of program files to determine whether 
changes have occurred. Companies such as McAfee or 
Symantec provide various types of anti-virus software 
depending on the needs of the system. There are also free 
anti-virus software or "freeware" that can be downloaded 
from the Internet. 
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startup disk and turn the computer on. Next, follow the 
instructions on the anti-virus software to scan the 
directory for infected files. The software will then 
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remove the virus from each infected file. After all files 
have been scanned, shut down the computer and reboot. 
Afterwards, all floppy disks should be scanned so that a 
re-infection does not occur. If the virus is still 
infecting any files, follow steps in the software to delete 
infected files. 

Encryption 

One frequently employed security measure, used when 
sensitive information is transmitted from one source to 
another, is encryption. Encryption is the transformation 
of data into a form that is nearly impossible to read 
without the use of a key (Schneier, 1996) . Information is 
first transferred into an encrypted, or unreadable, form 
and sent to a certain destination. Once it arrives, an 

authorized party uses a key to decrypt, or decode, the 
information. In a public and private key system, the 
public key is shared among authorized users and is used for 
encryption only. Once the information is received, it can 
only be decoded by the recipient's own private key. The 
private key is accessible only by individual recipients. 
Secret key systems are also employed, in which both sender 
and recipient encode and decode information with the same 
key. However, it can be difficult for both parties to 
agree on a particular key without the fear of someone else 
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discovering this information. All of these keys have life 
cycles that eventually cause keys to expire, which insure 
that new keys are constantly being developed and used 
(Schneier, 1996) . This is very important considering the 
common uses for encryption. Sensitive data can be 

transmitted and shared with little fear of being lost or 
stolen, if the encryption software is effective and current 
and if the program has been implemented properly. When 
data is successfully intercepted and decrypted, it is 
rarely because the actual code has been broken. Often it 
is easier for intruders to look for holes in the 
implementation. Lapses in security are much easier to 
exploit than the complex methods employed by encryption 
programs . 

Nitty Gritty 

As we alluded early on in this paper, most of what 
can go wrong with Internet data collection is common to 
many other types of computer transactions— power loss, virus 
infection and the like. There are processes that go on 
specific to the Internet, and what follows is a brief 
description of the rare occurrence of outside intruders 
trying to gain access to a web-based data collection 
server . 

BEST COPY AVAILABLE 
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Footprinting 

The first step an outside intruder will use to gain 
access to a site is called "footprinting" . Footprinting is 
the creation of a profile of an organizations' system using 
a fairly systematic method of examination. Hackers 

frequently use a variety of techniques to compile 
information regarding organization sources such as the 
Internet, extranet, intranet and remote access. The first 
phase of footprinting involves determining the limits of 
what is to be examined. For example, footprinting an 
entire organization is very different from footprinting 
only specific parts of the organization. Next, the hacker 
will perform an open source search, usually by checking the 
organization's official web page. Several key pieces of 
information can be determined simply from examining the 
site. Hackers can also gain important information by 
employing various query types. The four main types that 
are typically accessed are organizational, domain, network 
and point of contact (POC) queries. Potential intruders 
can also view the domain name server (DNS) , a database 
containing IP addresses and their matching host names 
(McClure, 1999) . Firewalls are typically used to prevent 
extensive footprinting by unauthorized users. It is also 
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recommended that intrusion detection be used in addition, 



to log any attempts to footprint the organization's system. 
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Figure 4 . VisualRoute is a program which allows you to 
query the connections and routing for a particular domain. 
It will also permit you to collect network and domain whois 
information (Source: 
http : / /www . visual route . com/press/ emeraldl . gif ) . 



Port Scanning and Pinging 

Once the weaknesses of an organization have been 
discovered, the intruder will attempt to determine if those 
weaknesses are exploitable. Two common methods of this 
type of scan are Ping sweeps and Port scanning. Ping 
sweeps consist of sending echo packets to those IP 
addresses that have been detected during the footprinting 
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process. The pings will report whether the IP address is 
alive and available for attack. Due to the fact that ping 
attempts often precede an attack, it is crucial to detect 
these attempts as soon as they occur. Ping detection 
programs such as Network Flight Recorder (NFR) can detect 
the origin of the ping sweep and help determine when an 
attack may occur. Once these vulnerable systems have been 
identified, the process of port scanning can take place. 
This is when the open (TCP and UDP) ports of a system are 
scanned to determine what type of operating system is in 
place and what kind of applications are being used. Once 
open ports are infiltrated, intruders can mask their 
origin, take up disk space, attempt to bypass firewalls, 
and further compromise the system (McClure, 1999) . The 
more ports that are in "listening" mode, or in use, the 
more vulnerable the system is to infiltration. Like 
detection of ping sweeps, detection of port scanning 
attempts is important to determine from where and when an 
attack may occur. 
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Figure 5 . IP Nework Browswer (Source: 
http : / /solarwinds . net /IPNetworkBrowser/ ) 

Figure 5 is a screen-shot of a program that can scan 
an IP subnet and show what devices are responding on that 
subnet. Each of the responding devices is then queried via 
SNMP. More details about each device can then be displayed 
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Figure 6 . Cheops can help a system administer or external 
threat locate network resources (Source: 
ht tp : // www . marko . net / cheops/ ) . 

Keystroke Logging 
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Figure 7 . Invisible KeyLogger Stealth for Windows NT 
(Source: http : / /www. amecisco . com/ iksnt . htm ) . 

Invisible KeyLogger Stealth is a keystroke recorder 
that can capture even NT's "trusted path" -- alt-ctrl-del 
logon. It's a security auditing tool that has gained 
favorable reviews from some of the most prominent security 
auditors in the business. 
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Software Vulnerabilities 



Microsoft IE external. NavigateAndFind() Cross-Frame 
Vulnerability 



Using the window.external.NavigateAndFind() function it is possible 
for a remote server to execute arbitrary javascript code on an IE4, 5 
or 5.1 client machine in the local security context. 

This function is used to load a web document and search it for 
specific strings, displaying the results in a secondary frame. 

However, the function will accept URLs of the form "javascript:", and 
should such a URL to passed to the function, the javascript is 
executed in the security context of the content of the secondary 
frame, and has access to that frame's current content. 

This weakness could be used to retrieve pwl files, the local SAM 
database, cookies or any other locally stored information that the 
user has read access to. The attack could be made via the web, or in 
an HTML email or newsgroup posting. 

Figure 8 . Still not sure whether you are open to attack? 
(Source: http : //www . securityf ocus . com/bid/ 887 ) . 



Figure 8 illustrates a posting from a network security 
company that lists some weaknesses associated with some of 
the more popular network browsers. 



Exploiting Your System 

Once an intruder has identified the weak points in the 
system, these spots will likely be used as access points to 
the network. These points can be identified by successful 
footprinting techniques or by successful port scans. These 
open ports then provide an open door for the intruder. 
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After the network has been accessed, the goal of the 
intruder is to gain access to the machine of the system 
administrator. This will give the intruder full access to 
the entire network. As mentioned before, the importance of 
passwords is greatly underestimated. If an administrator 
or employee leaves passwords on the default setting, the 
system can be accessed relatively easily. Intruders who are 
simply familiar with the organization's software can crack 
these generic passwords. This type of mistake is 
attributable to either ignorance of the importance of 
secure passwords (usually on the part of the average 
employee) or laziness (usually on the part of the 
administrator) and can be corrected simply by supplying all 
members of an organization with information regarding their 
accounts and passwords. Even if strong passwords are used, 
the system is still in potential danger. The intruder may 
install a keystroke logger on at a remote location within 
the system. After waiting for a short period of time, the 
network ids and passwords of various individuals can be 
viewed by the intruder. The information gained allows the 
hacker to access more machines in the system via hidden 
Trojan programs until he finds an entry by the system 
administrator. After the system administrator's password 
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is discovered, the intruder gains access to the entire 
system. 

What Now? 

Let's say that you're site has been compromised, but 
you've finally figured out the problem, and you've hired 
security experts to squelch further incursions. Are you 
totally out of luck? Depending on the length and extent of 
the data compromise or loss, you may still be able to 
reconstruct some of your data, IF you've backed up on a 
regular basis. Depending on how malicious the activity of 
your intruders, you may still be able to retrieve data from 
your original server or hard disks. For example, some 

programs that "erase" data only eliminate the file name 

from the file allocation table; the actual data may still 

reside on the hard disk until overwritten by some other 

file. File management programs like Norton Utilities may be 
able to unerase files that have been "eliminated" . 

The moral of our paper is that one can never be too 
careful when it comes to evaluating both the motives of 
people and the capabilities of technology— most of us tend 
to underestimate the good intentions of those around us and 
overestimate the wizardry of machines. By taking a 
systematic approach to evaluating the security of your test 
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site, you can avoid the embarrassing prospect of asking, 
"Where did all the data go?" 
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Appendix A: Places to Visit About Security 
Hacking Exposed www . hackingexposed . com 
RSA Security Homepage www. rsa . com 
Computer Security Institute www . gocsi . com 
Computer and Network Security Index 
www . vtci f . telstra . com. au / info/ security . html 
Virus Bulletin www . virusbtn . com 

Computer Security Information www. alw. nih . gov/ Security/ 

UN on Computer- related Crime 

www. if s . uni vie . ac . at/ ~pr2gql/rev4344 . html 

COAST Security Archive Group 

www . cerias . purdue . edu/ coast /archive/ 

Network Security Library secinf.net/ 
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